Hiding in Plain Sight

Content Warning : this post is about current (mid-2026) generative AI. I'm neither an AI neighsayer, nor evangelist. Most of my perspective is from a combined product development and economic perspective.  None of this has been written with generative AI, either directly or with assistance.

Product Dilemmas

If you rewind to the end of 2025, the AI race seems to be a questionable one, financially speaking. The cost of training models (as distinct from inference when the models are used) is astronomical, and OpenAI, Anthropic battle it out with the deep pocketed Meta and Google, as well as DeepSeek and other actors. When you combine datacenter build out, training costs and inference costs, and compare with access fees, it's pretty clear that VCs are going to be losing a ton of money. The old joke of "We're losing money of every sale, but we'll make it up on volume" seems to be directly applicable.

So let's say you're a product leader at Anthropic, and you see this arms race continuing, what might you do? Can smart product decisions get us out of this mess?

Changing the Game

My friend Loren has a great question for every new technology hype wave that hits, which is "But where's the killer app?". Whether Cloud computing, Cryptocurrency or Generative AI, it's a great question to ask. If all most people's experiences with Generative AI is ChatGPT or funny image generation using MidJourney, then I think the experience is good but not great. Hallucinations greatly impact the output, with AI slop being common place. Generative AI's use in various fields, from law through to journalism, are riddled with examples of the generative AI making something up and the work not being checked thoroughly.

So back to being a product leader at Anthropic. You're thinking about this, and thinking about the costs and the constant race with competitors, and you decide you need a plan. 

Firstly, you recognize that generative AI is actually great when applied to software development. The reason for this is that the output (naively code, HTML, markdown, schema etc) has tools around it (compilers, for example) that provide guardrails and ways of managing hallucinations. Really, when you think about it, it's just fault tolerant computing mapped at a different level. So you think, if generative AI can be good at software and Anthropic is, fundamentally, a software company, it's killer app is going to be software tools that Anthropic themselves use. Because if the story is true, then Anthropic will be able to innovate and eat its own dogfood, creating the systems and infrastructure that allow for rapid innovation.

This then leads to the realization that this is a great way out of the dilemma presented above, and it forms a great story for the run up to the IPO.

A New Story

You recognize that pace of innovation is key, and that's not just producing more code, it's managing the entropy of systems, so you focus internally on making progress on systems, processes and tooling, using generative AI, that ensures development can run quickly. You start the innovation cycle outside of training, creating tools and skills and evangelizing models (agentic development, loops) all focused on shifting the story about how generative AI is used. All the tooling and processes to manage Anthropics code is internal, as the world is still focused on models.

Next you create a new training model that is better than predecessors. Rather than release it widely, you make its release limited and say it's restricted to certain trusted companies because it's so powerful and can expose cyber security issues like a knife through butter. This is great because it's an expensive model to run inference on, so making it generally available would be a drain on cash. Maybe you can spin up a great story behind it, a fable (thanks Drew) as it were, and maybe you can release it then have the government put export restrictions on it, because it's so good.

Now you've changed the conversation because all your competitors are playing catch up with expensive model training when you've moved on. The innovation isn't just at the model training level any more, it's in the tooling, training, skills and loops around the model, that allows you to build and deploy quicker. Sure, the model can be used like most general purpose generative AI, but it's good to focus, and you're creating a system which will be the baseline for any future software company. Further, you're laying the groundwork for a disruptive wave of software companies using this new way of working. The model shifts from SaaS companies building per user per month software subscriptions to Anthropic charging per agent per month GenAI subscriptions to solution providers who can out innovate and replace the SaaS companies at a much lower cost basis with low entropy code bases.

The IPO

On the run up to the IPO, the story is really coming together. Your use of your own tools means that you product release calendar is far more rapid than any others, perhaps even releasing daily. You have the mindshare around these mythological models that are better than anything else out there, when in reality you can tell investors that you expect your ongoing training costs for new models to reduce as the investment shifts from model differentiation to full-range tool differentiation. You also start talking about how generative AI is just one piece of the puzzle needed to create AGI, and that that's what Anthropic has been building. The groundwork, the infrastructure, the components and tools. You also start to have a roster of killer app companies, all using your models, skills, loops and mindset to create solutions that have low maintenance costs and can respond rapidly to changing requirements and user demands. All those killer app companies are subscribers to inference and tools, allowing further revenue upside. Potential investors concerned that people are just going to run models locally if the per seat cost gets too high? Yes, that would be a problem if you're just a model company (cough OpenAI).  But you're Anthropic, you're not just a model company, you've been a next generation software company hiding in plain sight all this time.

The Email/Browser marriage needed a prenup

 Those of you who know me may know I have an early Gmail address that beyond being very easy to guess is also exceptionally easy for people who aren't me to use as a throwaway. Being cornered by an aggressive car salesman, or a pesky free wifi access point? Look no further!

Over the years I'm dealt with an increasing number of spam messages, as well as a number of confused people who don't understand that my courtesy in replying to their heartfelt personal email (or legal action) doesn't correspond to the person they're really trying to reach. Mostly they're grateful, often polite but belligerent and confused isn't helpful to anyone really.

I've noticed that there are general classes of service that do a poor job with email verification or double-opt in. Car dealerships are one, realtors are another. I understand that requiring opt-in reduces your conversion rate, but... is it really if the person who clicked the link isn't the person at the other end of the email.

My email situation has degraded so much that I'm working on migration off Gmail. This is partly Gmail's fault too as their spam protection is no longer great. Whilst they may move a lot of messages to the Spam folder, they regularly flag legitimate messages from Instagram, Twitter, Facebook, Snapchat and Google as spam - and yes, I double checked the messages very carefully on the last one. At scale (and I stress, at scale - my spam folder has a steady state of ~60k messages in it, with the 30 day delete window) this system fails since looking at my spam folder for a legitimate message, when they're arriving 1-2 every minute, isn't feasible.

There's a hand off here between a browser visiting a web page and 'signing up' and the email round trip that is problematic. There is no standard, no ground rules or firm agreement, no prenup as it were, on how a web server can verify a user. It's understandable that a web site wants to be able to have a firm 'handle' on its users - email was first, mobile phone numbers are coming up quickly. The issue remains - at the limit, requiring a roundtrip and a handshake with the email account is broken.

Just to document a recent incident that illustrates all this coming together, I have (or rather had) a reddit account that I used mainly for browsing - the Seattle reddit, the Apple reddit, the usual. Rarely posted in over 14 years, barely squeaked over 200 karma (not a big fan of fake internet points). When I set it up over 14 years ago, I'd associated it with my very common gmail account. The gmail account that marks any email coming from Reddit as spam.

It turns out (I didn't know, because - never received emails) that it's quite easy to establish other reddit accounts using my email. I'm not clear if the individuals used a different email account to 'verify' and then switched to mine, or whether reddit still allows the user to post when waiting for verification (got to bump up those conversion numbers! Can't have friction!). Either way, a number of other users had my gmail account associated with them. Reddit also has this (on the surface rational) policy that being banned on one (maybe multiple) account(s) associated with the same email address will result in all accounts associated with that email account being banned. 

Which is what's happened to my old reddit account. I've tried the Reddit messaging system to appeal but the first 'you've been banned message' didn't have any details, nor did the appeal result, so I think that's that. As I said, low usage account so no great loss, but interesting failure at scale (and absolutely no recourse). Now that I trawl my Gmail spam folder for reddit messages I see spam messages for u/thinkofothers, u/appletinisforyourmom, u/MikeSmith328 and u/Darnold2375 telling them they've been banned (I can only search back so far), so clearly that's at least 4 other users with my email address that I haven't clicked on any verification link. Actually, none of those messages were addressed to me. Another delightful design decision consequence, Gmail's choice to ignore periods in email addresses means that the email address I use to sign in and send email from (with a period between names) is not in the email addresses that these four chuckleheads used. And yes, that means you can create two (or more) different accounts in the browser with just one email address, depending on how you sprinkle periods around.

My conclusions beyond the New Years social media detox and migrating from Gmail is that the identity handshake between browser and email is plain broken and needs a divorce.

Security Theater for Fraud Protection

 Many of experience processes where there's an appearance of 'something' being done, when the reality we're just experiencing 'theater'. Security theater, where we experience some 'safety procedure' that actually, when you think about it, isn't really making things safer. A close friend of security theater is shifting liability. They'll often go hand in hand - some 'security' process actually is just shifting liability from the company to you. We experience this with things like license agreements and terms of use (you read those, right?), or with hitting OK on the car navigation agreeing that it won't be used by the driver when driving. If something happens, well now, there's evidence you accepted or clicked, so it couldn't possibly be our fault, could it.

Fraud in banking is increasingly, with significant upticks since 2023.  There are many reasons for this, but an obvious cause is the increase in the possible ways that we can be fooled - from text messages, app notifications, unsolicited phone calls, the modern world is a wonder. So it's reasonable to think that banks would be reacting by providing better ways to protect us from fraud, no? Sadly this is not the case, with the banks falling cleanly into the "let's ensure we can reduce our liability" camp.

Let's step through an example (note, I won't name the bank, as the patterns are shared among many banks). I had occasion to do a wire transfer (domestically to another US bank). Given all the details (ABA routing number, account number, address etc), I decided on the following process.

1. Send a small wire transfer through to verify fund receipt.
2. Go to a bank branch in person and execute the wire transfer using the same details as in (1).

I reasoned that if the first is successful then the second (bigger) transfer would go through without problem as all identification / verification would occur in branch, and they'd re-use the same transfer details on my account, so all should be fine.

Step 1 goes flawlessly. Step 2 is less smooth than I would like, as despite having done the smaller transfer, the bank staff had to re-enter all the details again, requiring me to re-check the ABA routing and account number etc. Poor, but OK.

As I'm leaving the branch, the very helpful bank member is embarassed to explain that I may receive a call from fraud prevention to followup before this is sent. "Even though I'm physically here and you've verified everything?". "Even so.".

So, 20 minutes later I receive a call from "Scam Possible". I let it go to voicemail and review a message from fraud prevention, and please could I give them a call back. I call the number on the back of my bank card,  and then have to spend 15 minutes stepping through verification and a fixed set of questions around the purpose of the transfer, was I coerced, do I know the recipient, have I transferred money to them before, have I received money from them, until finally, do I acknowledge and accept the risk in making the transfer.

Then 30 minutes later I get another call from "Scam Possible", which is a repeat of the first. When I call up and ask why I'm having to repeat myself, there's no explanation.

So let's just break this down.

1. The bank is calling me from a number that someone has identified as "scam". More bluntly, the fraud department is trying to educate its clients that it's a good idea to pick up calls and hand over PII.
2. The bank had information about the recipient (in this case the receiver was me) and whether I'd transferred or received money before, but ignored it.
3. There's nothing in the questions that bank is asking that protects me. In theory I could be being held at gunpoint and be forced to answer the questions the way I did.
4. The bank is incompetent in its record keeping and has to go through the process twice.

I would argue that even if we sigh and accept that they want to shift liability, prompting within their banking app would be a much more secure (tied to biometrics) method. If we actually want to protect me, then having some mechanism for indicating 'held at gunpoint, don't transfer' that looks like I'm OKing the transfer would potentially be a better method.

It's clear though that the bank just wants to use security theater to shift liability, and doesn't care if it makes my life less safe when doing it.

Apple Cored

Beyond time at university, I've used Apple devices for much of the last 25 years. Use as a personal computer started when I worked at Microsoft, mainly as an easy defense against the "Oh, you work at Microsoft? I have a problem with <X>, can you help?" (a corollary to "You're from England, do you know <Y>?"). Far easier to say "So sorry, I use a Mac so I can't help you".

There was always a trade-off using a Mac. Apple's promise of giving the best experience by controlling both the hardware and the software sounded good, but the reality was Apple did a good job of optimizing for 'most people'. An Apple machine 'just worked'. Apple users rarely expected to have to type weird incantations or wield tools like Windows RegEdit to get their machines to work. Pretty much the machine worked and you could do what you needed to do, without worrying about the computer part. The trade-off came in the cost and the performance - you typically paid more for Apple's engineering, and weren't getting the highest performance components. For years, for example, Apple navigated the shift to Intel CPUs, high performance CPUs would come out that could be built into a Windows PC, whilst delays and premium pricing awaited the Apple faithful.

Then came the iPhone and other Apple devices, and I'd still argue Apple was operating by the same playbook. It wasn't that the same technology wasn't available elsewhere. It's just that Apple packaged it up and made it work so you could just use it seamlessly. I've used Android devices (part of working for Google) on and off, but iPhones have been a reasonable constant, with upgrades every 2-3 years.

With Steve's passing, Tim's supply chain management expertise became even more apparent. From the delayed migration to USB-C (really, the iPhone 14 Pro was lightning?), through to TouchID->FaceID migration (Android devices have both, but no, that's not the Apple way) and the slow rollout of better camera lenses, everything is at Apples pace, managing the bottom line.

There's unfortunately some rot in this world, and the iPhone 16 debut is the bifurcation point for me. Let's lay out a few things.

Firstly, with the launch of the Apple Watch and tying the watch to the phone (and the iCloud account), Apple gained a lot of stickiness. But unfortunately Apple just seemed to be less focused on quality. Health data (into which the Apple Watch pours its sensor info) can get very large (over 7Gb for me currently, without any abnormal use), which means transitioning a watch over to a new phone can be fickle. It was not great with the 15, but I had two weeks of failure to try and migrate to the 16 Pro. Just wouldn't migrate across. There are other bugs with the Apple Watch (I have a badge on day 2751 of 2750 towards a goal, for example), but getting the smooth migration to the 16 Pro wasn't working.

It's about now I should introduce the next flank of Apple's decline, and that's the troubleshooting experience. Search the forums, attend any genius bar, and the starting point will be "Have you backed up your device? Because what we're going to do is do a factory reset and restore.", The software version of "Turn it off and turn it on again". I'm sympathetic to a point - definitely a valuable tool in the fix it arsenal, but it's become the starting point (and often ending point) of troubleshooting. Here's the problem though - from a computer science perspective, what that process says is "We have something inconsistent in our software state that we're not going to try and debug. It could be a memory leak, or a data corruption error, or something more insidious in terms of how system, applications and data are interoperating. And we're not going to try and figure out why and make sure it doesn't happen again."

The reset and restore is going to lose any of that diagnostics, and just start again - meaning there's no explanation for the issue, or whether it might occur again. Users will often leave the Genius bar with their device working again (after waiting a while for the reset/restore purchase), without a thought to whether the issue will happen again. Try that approach with cars, or healthcare equipment, and I think you'd want a different answer.

So now you start doing more research and you find that other alternatives are quite attractive really. A Garmin watch which has days or even weeks of battery life for the same sensor data. An android phone with better cameras, biometrics (face and fingerprint both) at less than half the cost. So you conduct an experiment, and the final defense against switching - the applications, crumbles away.  The Android application versions of what you use are essentially the same, except that two of them don't crash the same way the iOS versions do.

So it feels like Apple's push into generative AI and rushing out iOS 18 and then point releases to get generative AI features in place, to consume more resources, is at the expense of platform quality. It's sad to see that Apple devices don't "just work" anymore.

One ring to rule them all?

 Despite the Lord of the Rings title, this post is actually about the dilemma that Apple (at least) is in when it comes to phone upgrades. Bear with me, it'll tie together I promise.

On one side, we have phone manufacturers who want to make it as easy as possible to migrate to a new phone. Having customers wait hours, or (gasp) carry out complicated steps isn't going to cut it. So, focusing on Apple a second, we have the ability to transfer to a new phone from an old, either directly or via an iCloud backup. Sounds like smooth sailing, right? At the end of the transfer, Apple even guides you to fully reseting your old phone ready for it's next life - perhaps being recycled back to Apple so the circle of life can continue. Not so fast though.

Various other parties aren't keen on the idea of having Apple rule everything, so they put friction in place to make their part of the world safer. Let's go through it :

Some eSIMs require a text message two-factor authentication to be sent (bet you're glad you didn't accept Apples offer to erase that old phone immediately after transfer now!) to ensure the move is legitimate.

Bluetooth migration may be simple for Apple devices (even the Apple Watch which will get a super special mention later), but if you've a connected car/house/water bottle/smart ring or something else not directly under Apple's control, be prepared to go pairing like there's no tomorrow.

Some banking apps want to be super secure, and either require you to bless the new phone from the old, or some other verification dance to make sure your money is safe.

Password managers (like Bitwarden) or secure messaging apps (like Signal) also need explicit steps to migrate across, from signing in through to manual transfer of end to end encrypted messages.

Authenticators. like Authy or Microsoft Authenticator, similarly are too 'powerful' to trust Apple's migration, so you need to sign in again there.

So - the tension is clearly there, where Apple is doing quite a bit of work behind the scenes, and would like to have the one ring to rule them all (I told you we'd get there) the other characters in this drama are not willing to cede that much control, for (on the surface of it) pretty sound reasons. Certainly reasons that each companies risk management team understands. But that friction means setting up a new phone isn't easy - it takes time. And woe betide you if you have a non-standard setup. What does that mean? Well, Apple (currently, weirdly, fortunately) supports the ability to have apps installed from two different AppleIds at the same time. Think one AppleID from one country that geofences its apps, another from your main country. But the migration is tied to an AppleID so what happens? What happens is you fall between the cracks, with apps from the secondary AppleID in a 'unable to install, but kind of here' state.

The only way round this is to re-build the new phone from scratch, signing in with the foreign AppleID first, installing the necessary Apps (once installed, Apple will update them without further fuss), then signing out and signing in to the main AppleID.

And then installing and setting up everything from scratch.

Every eSIM.

Every Bluetooth device.

Every banking app, every email account, every messaging app, every authenticator app, every password manager etc etc.

Oh, and the sync process with iCloud has no progress indicator, so don't even think about setting up that Apple Watch for a day or two, otherwise the multi-gigabytes of Health data (seriously Apple, what the hell is in there?) won't be fully in place, and your Apple Watch won't have any data to restore.

It's so painful and time consuming that I'm not doing it again.

So, Apple could fix things to make life easier, but ultimately there's a limit what they can do whilst lawyers and risk management people at other companies say "it's not secure enough, we need to be different". And who knows, given the pace of innovation in the mobile phone space is slowing, maybe the added friction is a good thing. For us, not for Apple though.

What's in a name?

 The following provides some information on a security vulnerability in id.me, an identity solution that has broad adoption in the USA, including integration with the Social Security Administration and other local and national government agencies.

First, a brief primer on names and email addresses.  RFC 5321 defines the Simple Mail Transport Protocol (SMTP) upon which email is based. Many enhancements and additions have been made around SMTP, most notably around spam protection. However the core aspects of an email address definition and how email is sent and received are unchanged. An email address is of the form recipient@domain, where recipient is a defined series of characters, and the domain is a registered domain. A server processing email on the domain decides on eventual delivery, and provision of a 'display name'. Let's have a few examples:

• "Michael Smith <mikesmith@gmail.com>" would refer to a display name of "Michael Smith" and a recipient of "mikesmith" on the domain gmail.com.

However, even though we know Mike is short for Michael, there's no requirement for the display name to match the recipient.

• "Michael Smith <immaterialscience@gmail.com>" would refer to a display name of "Michael Smith" and a recipient of "immaterialscience" on the domain gmail.com

OK, so that's fairly clear that there's no relationship, but what about this?

• "Albert Einstein <vonneumann@gmail.com>" would refer to a display name of "Albert Einstein" and a recipient of vonneumann on the domain gmail.com

Whilst this would be frowned upon from an etiquette perspective, there's nothing to prevent it from happening, because, again, there's no relationship.

Let's throw one more spanner in the works, with a specific particularity of Gmail.  Dots (periods) do not matter in gmail addresses. That is, the following email addresses are the same (taken from the Google support article example) :

• "John Smith <john.smith@gmail.com>"
• "Jack Smith <jo.hn.sm.ith@gmail.com>"
• "Robert Jones <j.o.h.n.s.m.i.t.h@gmail.com>"

(Side note : this can be exceptionally problematic where punctuation changes meaning, such as for therapist@gmail.com).

With that set up, let's proceed to id.me.

The first issue is that id. me doesn't verify email address ownership. That is, an individual can use an email address not belonging to them to establish an id.me account, and id.me doesn't check. Contrast this to many well behaved services that will send an email to the address entered and require the user to click on a link or enter a code contained in the message, to confirm ownership. id.me doesn't do this.

Next we'll combine this issue with the Gmail 'dot' peculiarity, to get the following :

Individual A signs up for id.me using "Individual A <noperiod@gmail.com>" as the email address for registration.

Individual B who owns "Individual B <no.period@gmail.com>" receives emails for this user.

Individual B can successfully reset the account for A (via email) and fully access Individual A's account.

Two additional vulnerabilities in id.me's design come to light if Individual B is a good actor and contacts id.me to attempt to correct their errors. Id.me will not allow account deletion without upload of documents (such as a drivers license) to prove identity. So, individual B, who didn't create the account but has access to it, has no way to delete the account without uploading their PII. Finally, id.me relies on security through obscurity in that they won't disclose the 'authoritative sources' that they check the upload id against.

Introducing "Quanta" to create a more balanced and valuable media ecosystem

The underlying economics for much of the web is driven by advertising. People generate data through interactions, publishers chase engagement for revenue, advertising platforms generate 100’s of billions of dollars in profit each year. I have been collaborating with Loren Kohnfelder on a number of projects, and in this area we believe that the consequences of this model have profoundly transformed web content and the way it is consumed, sacrificing civility, quality and independence for outrage, quantity and centralization. Let's consider a few different perspectives :

1. For people, engagement is mostly centered around social networking platforms (Facebook, Instagram, Tiktok, Twitter (or now "X"), Reddit etc) with a typical pattern being to locate content off-site (often from news or entertainment sites), reference and then ‘discuss’ onsite. The push to video (through Tiktok, Instagram Reels, Google showing YouTube video results with high priority) are all a reflection of a consumption culture, with video not only showing a longer time of engagement, but also enabling valuable video ads. All the social networking platforms mentioned above are all ad-based, and so are motivated to generate engagement, measured by key metrics such as on-site time and content interaction (likes, shares, retweets, subscribes etc).
2. In order for publishers to generate revenue (some subscriptions, but mostly ad based), they are driven to controversy (which drives engagement) and SEO optimization (so that they can appear above other similar content in searches and get picked by the social Algorithm). This even devolves into content copying - a publisher with better SEO optimization can steal content from elsewhere and pass it off as its own, generating more ad revenue. This is particularly rife on Youtube, where the perpetrators will even file DMCA take-downs against the original content producer.
3. To not risk losing eyeballs, social media platforms generally have a ‘feed’ model of some sort - a news feed or other infinite scroll list of unrelated content. This context-switch heavy model allows for new, small bursts of dopamine to be released by people as they ‘consume’ the content, the net effect being to have a thoughtless consumption of time, and discouragement of deep thinking., but it's also tiring and discourages deep thinking. Studies show that such doomscrolling is detrimental to mental health and focus, though having no content consistency or theme is actually a feature, and following/connecting with people (who contain multitudes) further supports this context switching world.
4. Since controversy generates more revenue than civility, all advertising platforms have to solve for the user-generated-content problem, surfing the line between what is legal & acceptable in any given jurisdiction and what creates outrage. Good outrage corresponds to impressions, bad outrage leads to advertisers distancing themselves. Whilst there is some reputational risk, and some sites seek to advocate for their communities, the advertising that underwrites the platforms means that content moderation is ultimately for the advertisers's sensibilities.

In summary then, we live an a world of centralized discussion, with constantly shifting focus, all with opportunity for enraged engagement to drive controversy, as it is a proven model for all parties to maximize ad revenue (along with conflict and divisiveness). Ultimately this is a focus on quantity of engagement and impressions, not on the quality of discussion and betterment of people. One further characteristic of this centralized model is that the publishers, who spend time and money to produce the content referred to in the first place, are removed from the discussion beyond the reference to the original article, because news site comments can't compete with social. Sadly, studies show that nearly 60% of people will interact with content without even clicking through.

To solve these inequities and unhealthy dynamics, we asked ourselves the question "What happens if a post isn't just a post? What happens if a post could be both a post, and an in-situ comment to the original article? This is a system we call "Quanta" and here's what it is and how it works.

Rather than continue the pattern of having social networks steal the conversation from publishers, we allow publishers to pull from a social network to host the relevant conversation in-situ, as a side-bar to the main article. Publishers have tried to create comment sections, mostly unsuccessfully, since the audience is poorly qualified/filtered and required per site registration. In Quanta, the audience is brought from the social network, and comments from the relevant audience (filtered by my network as well as using criteria that the publisher can introduce) are shown along side the article - even along side relevant parts of the article.

To explain how Quanta works, let's consider the following example:

Imagine a new article on The New York Times. Today, after a short period of time, the URL will be posted on social media with comments from readers. The conversation (retweets, replies etc) will all occur on the respective social media platforms.

In Quanta, a user would ‘post’ to Mastodon, or any ActvityPub based Fediverse app, quoting the URL, and Quanta would then index and organize such referring posts. In one implementation, the publisher would include comment blocks, and specify constraints/thresholds for the comments to be shown (reflecting popularity and editorial guidelines). The comment blocks would be rendered HTML (similar to how an ad slot is populated), and would be ‘passive’ in the sense of links (to favorite, repost etc) wouldn’t activate in-situ, but would (due to Same Origin Policy) send the user to the right point on the social instance. In another, more interesting, implementation, the browser could form a more opinionated view of content rendering and, with an appropriate social handle logged into the browser, render the comments in a pane next to the article.

In short, viewing the original page produces the current set of useful comments relating to the URL. All comments displayed are contextually relevant, and additionally provide a useful tool for user discovery.

A few interesting consequences of Quanta :

1. The publisher is now getting many more page views, because that's where the conversation about the page can be readily viewed. This increase in page views will increase the ad revenue the publishers can generate. Note - we don't consider a broader question about advertising being good or bad. We just want to shift revenue, discourse and attention to those that generate the content, away from the social networks that steal that attention.
2. The 'conversation' is now all in context. It's not about a newsfeed and context switching, but instead the conversation is focused on the topic the publisher has written about.
3. The duration of the conversation is longer. Doomscrolling a social media feed means that many users are just surfing that last few hours of content that's new to them. On Quanta, the published document and comments (and replies to comments) are all at the same URL, waiting for the next view. Referring to the same document days, months or years later will still have the conversation in place. We believe this will drive greater accountability of the poster and also create further re-engagement for the publisher(*).
4. Finally, we believe Quanta will provide a great follower discovery feature. All too often on social networks an interesting comment will be amplified, and in the moment the user has to make the decision "should I follow this person?" with little information (or a detour to research). In Quanta, the context is immediate, and publishers can choose to promote comments from known experts, making their work more broadly available. 

Quanta can be implemented as a Quanta server plus a browser extension. As a server, Quanta is an extension of Mastodon, as we believe the index of posts by URL should be distributed so that Quanta itself doesn't because another large centralized system that needs advertising or subscription to succeed. We also note that this seems directionally to be aligned with how Mastodon sees news integration as being important to the platform, as shown by the recently launched Mastodon byline feature.

Quanta has been shared as a concept with key browser vendors, and we firmly believe browser integration will provide the best experience.